The Hacking We Should be Worried About: North Korean Cyberattacks

Kim Jong Un warned the U.S. today that his regime had a score to settle with the Trump administration that could only be resolved in a “hail of fire” following Trump’s fiery U.N. speech last month and his labeling of Un as a “little rocket man.”

It appears Un has made good on his threats of attack, but rather than coming in a “hail of fire,” the attacks have the potential to do the opposite: lead to a blackout.

The cybersecurity company FireEye says in a new report to private clients, obtained exclusively by NBC News, that hackers linked to North Korea recently targeted U.S. electric power companies with spearphishing emails.

The emails used fake invitations to a fundraiser to target victims, FireEye said. A victim who downloaded the invitation attached to the email would also be downloading malware into his or her computer network, according to the FireEye report. The company did not dispute NBC’s characterization of the report, but declined to comment.

There is no evidence that the hacking attempts were successful, but FireEye assessed that the targeting of electric utilities could be related to increasing tensions between the U.S. and North Korea, potentially foreshadowing a disruptive cyberattack.

Cybersecurity expert Robert Lee told NBC News that the spearphishing scheme was relatively harmless. “Any targeting of infrastructure by a foreign power is a concerning thing,” he said, adding that North Korea or other adversaries “are far from being able to disrupt the electric grid.”

“This activity represents initial targeting, and if disruptions are even possible they would be very minor,” Lee said.

However, in a report from August of this year, cybersecurity firm CrowdStrike noted that North Korea has become a large player in the cyberattack game alongside Russia, China, and Iran. The CrowdStrike report warned that the American financial sector is particularly vulnerable to a cyberattack from Kim’s regime.

Given the regime’s apparent recent interest in the U.S. electric grid, it may be wise to begin addressing vulnerabilities in that system, despite the relative lack of success the regime has had in actually infiltrating critical systems.

“It’s mostly data disruption,” James Lewis, a specialist at the Center for Strategic and International Studies, told NBC News. “The people who haven’t done a good job defending themselves are the ones who get whacked. Companies or agencies that haven’t protected their data or backed it up.”

But North Korean expatriate Kim Heung-Kwang, a computer science teacher who escaped to the West 13 years ago, said not to underestimate the regime.

“They work hard to survive and do not give up,” he said. “If they don’t give up, maybe someday they might succeed.”